Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/45852f-8fae-441d-b10c-0a1bf5bf0ca2/1/RO-2xcQ-C0WrDSJ7Eu00WY23rS4.roa
File:                     RO-2xcQ-C0WrDSJ7Eu00WY23rS4.roa (raw, json)
Hash identifier:          Avrv1nDidaSbZAK1I64G61mkaNMT6r8igSyRsacO8hw=
Subject key identifier:   44:EF:B6:C5:C4:3E:0B:45:AB:0D:22:7B:12:ED:34:59:8D:B7:AD:2E
Certificate issuer:       /CN=464528d9080c665db0551d8ad8b0f71f7bb76996
Certificate serial:       01942067E4911BD94A658DA7D7124AC2ED9E
Authority key identifier: 46:45:28:D9:08:0C:66:5D:B0:55:1D:8A:D8:B0:F7:1F:7B:B7:69:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RkUo2QgMZl2wVR2K2LD3H3u3aZY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/45852f-8fae-441d-b10c-0a1bf5bf0ca2/1/RO-2xcQ-C0WrDSJ7Eu00WY23rS4.roa
Signing time:             Wed 01 Jan 2025 05:47:47 +0000
ROA not before:           Wed 01 Jan 2025 05:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59985
IP address blocks:        185.63.68.0/23 maxlen: 23
                          2a04:f380::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/45852f-8fae-441d-b10c-0a1bf5bf0ca2/1/RkUo2QgMZl2wVR2K2LD3H3u3aZY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/45852f-8fae-441d-b10c-0a1bf5bf0ca2/1/RkUo2QgMZl2wVR2K2LD3H3u3aZY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RkUo2QgMZl2wVR2K2LD3H3u3aZY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:e4:91:1b:d9:4a:65:8d:a7:d7:12:4a:c2:ed:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=464528d9080c665db0551d8ad8b0f71f7bb76996
        Validity
            Not Before: Jan  1 05:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44efb6c5c43e0b45ab0d227b12ed34598db7ad2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:b6:3f:71:fb:54:28:ec:f0:3b:1d:17:04:5b:
                    17:27:e2:9a:30:5b:b6:ed:31:66:be:c1:8a:dc:6b:
                    e5:fa:9a:0a:9e:ad:6b:ee:ce:fc:c1:a2:1a:c7:69:
                    da:c2:af:10:bf:bb:de:aa:77:d1:22:47:aa:c3:de:
                    da:18:dd:19:d6:58:55:24:d3:5c:95:c2:c7:78:20:
                    2e:33:c3:db:f3:0b:6a:d0:79:cb:93:33:bb:77:96:
                    f8:6f:83:3d:33:2d:34:f6:fb:a6:b6:47:57:65:08:
                    1b:bc:b4:04:47:07:3c:dd:80:97:42:2d:82:45:eb:
                    b1:21:a2:ac:94:3f:0d:11:5d:1b:81:10:45:fc:cb:
                    e7:1c:d7:2e:b9:ca:f9:57:c4:12:58:eb:d9:a8:61:
                    8c:bf:99:a0:33:be:f9:5b:42:09:93:b4:2d:b2:7e:
                    1e:97:7f:ec:87:f4:79:a3:71:9b:dd:85:9a:b2:2c:
                    f0:ac:2d:34:9f:b9:e7:4a:32:26:f2:73:9e:ba:09:
                    04:9f:6f:3a:e3:7a:8b:0b:60:36:e2:8c:a4:f1:d0:
                    6c:0d:e7:18:d5:54:a3:45:24:3a:d9:2f:b9:ce:82:
                    38:b7:27:98:ec:a4:fa:1f:13:23:96:be:33:e1:e8:
                    91:2f:d2:e8:b3:30:cf:06:e1:e6:3d:9d:cc:0f:43:
                    8c:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:EF:B6:C5:C4:3E:0B:45:AB:0D:22:7B:12:ED:34:59:8D:B7:AD:2E
            X509v3 Authority Key Identifier:
                keyid:46:45:28:D9:08:0C:66:5D:B0:55:1D:8A:D8:B0:F7:1F:7B:B7:69:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RkUo2QgMZl2wVR2K2LD3H3u3aZY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/45852f-8fae-441d-b10c-0a1bf5bf0ca2/1/RO-2xcQ-C0WrDSJ7Eu00WY23rS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/45852f-8fae-441d-b10c-0a1bf5bf0ca2/1/RkUo2QgMZl2wVR2K2LD3H3u3aZY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.63.68.0/23
                IPv6:
                  2a04:f380::/32

    Signature Algorithm: sha256WithRSAEncryption
         99:e7:c3:9c:9d:c7:4d:c9:c7:6f:90:87:e5:f6:56:2e:08:d9:
         bd:65:17:61:2c:ff:0f:b4:f2:c0:f9:f2:72:45:fd:c7:ce:1a:
         a5:62:1c:be:c0:4c:dc:bd:9f:6d:5c:aa:12:71:ad:96:60:4e:
         a6:67:78:6f:c1:32:48:cd:f1:64:a8:d2:f8:b9:18:c2:23:06:
         d1:12:ac:2f:ea:c4:fb:b6:21:fc:31:80:60:4b:1a:6e:83:01:
         3a:43:d0:22:19:89:e0:e9:9a:6a:13:3e:b2:da:02:79:ea:57:
         e1:6b:1a:bd:da:a6:f8:d1:9e:82:c2:bf:c9:eb:0c:be:76:88:
         50:6f:4a:63:35:f5:82:6f:58:13:22:6f:c6:4a:f9:04:d7:4a:
         d6:3c:6d:f0:30:88:99:94:ac:15:4a:3a:a4:1d:a9:31:87:69:
         5c:7e:c9:2b:98:ca:e5:ba:27:91:52:36:c1:90:15:90:65:3c:
         0a:e7:7e:83:67:4d:13:53:fb:eb:ec:21:70:bb:53:9d:fc:eb:
         ef:33:9f:85:15:93:ad:a6:2e:b3:87:bb:71:d3:b4:b7:56:52:
         49:bc:db:5b:9f:da:9e:10:a6:ad:30:5e:e9:f9:12:85:4b:41:
         48:5e:d5:bb:65:13:c0:b2:3a:36:ba:8f:fd:c7:88:fa:ce:d9:
         56:bd:21:0a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgZ+SRG9lKZY2n1xJKwu2eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NDUyOGQ5MDgwYzY2NWRiMDU1MWQ4YWQ4YjBmNzFmN2Ji
NzY5OTYwHhcNMjUwMTAxMDU0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGVmYjZjNWM0M2UwYjQ1YWIwZDIyN2IxMmVkMzQ1OThkYjdhZDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAubY/cftUKOzwOx0XBFsXJ+KaMFu2
7TFmvsGK3Gvl+poKnq1r7s78waIax2nawq8Qv7veqnfRIkeqw97aGN0Z1lhVJNNc
lcLHeCAuM8Pb8wtq0HnLkzO7d5b4b4M9My009vumtkdXZQgbvLQERwc83YCXQi2C
ReuxIaKslD8NEV0bgRBF/MvnHNcuucr5V8QSWOvZqGGMv5mgM775W0IJk7Qtsn4e
l3/sh/R5o3Gb3YWasizwrC00n7nnSjIm8nOeugkEn28643qLC2A24oyk8dBsDecY
1VSjRSQ62S+5zoI4tyeY7KT6HxMjlr4z4eiRL9LoszDPBuHmPZ3MD0OMbQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFETvtsXEPgtFqw0iexLtNFmNt60uMB8GA1UdIwQY
MBaAFEZFKNkIDGZdsFUditiw9x97t2mWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmtVbzJRZ01abDJ3VlIySzJMRDNIM3UzYVpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC80NTg1MmYtOGZhZS00NDFkLWIxMGMt
MGExYmY1YmYwY2EyLzEvUk8tMnhjUS1DMFdyRFNKN0V1MDBXWTIzclM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC80NTg1MmYtOGZhZS00NDFkLWIxMGMtMGExYmY1YmYwY2Ey
LzEvUmtVbzJRZ01abDJ3VlIySzJMRDNIM3UzYVpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuT9EMA0E
AgACMAcDBQAqBPOAMA0GCSqGSIb3DQEBCwUAA4IBAQCZ58OcncdNycdvkIfl9lYu
CNm9ZRdhLP8PtPLA+fJyRf3HzhqlYhy+wEzcvZ9tXKoSca2WYE6mZ3hvwTJIzfFk
qNL4uRjCIwbREqwv6sT7tiH8MYBgSxpugwE6Q9AiGYng6ZpqEz6y2gJ56lfhaxq9
2qb40Z6Cwr/J6wy+dohQb0pjNfWCb1gTIm/GSvkE10rWPG3wMIiZlKwVSjqkHakx
h2lcfskrmMrluieRUjbBkBWQZTwK536DZ00TU/vr7CFwu1Od/OvvM5+FFZOtpi6z
h7tx07S3VlJJvNtbn9qeEKatMF7p+RKFS0FIXtW7ZRPAsjo2uo/9x4j6ztlWvSEK
-----END CERTIFICATE-----